authorSpencer T Brody <spencer@10gen.com>2012-07-24 16:52:48 -0400
committerSpencer T Brody <spencer@10gen.com>2012-07-24 18:23:16 -0400
commita47a1d9a5c2c36b723c4604668ab45781d241d16 (patch)
treedef7e225a0d30887ac3b8be1c1b1cc89e69ddd31 /jstests/sharding/authCommands.js
parentd67cf16e616a888be641a548ca132353ca427919 (diff)
downloadmongo-a47a1d9a5c2c36b723c4604668ab45781d241d16.tar.gz
Add tests that manually providing $auth doesn't affect authentication privileges
Diffstat (limited to 'jstests/sharding/authCommands.js')
-rw-r--r--jstests/sharding/authCommands.js56
1 files changed, 47 insertions, 9 deletions
diff --git a/jstests/sharding/authCommands.js b/jstests/sharding/authCommands.js
index 862fd760f7e..37348bf163f 100644
--- a/jstests/sharding/authCommands.js
+++ b/jstests/sharding/authCommands.js
@@ -5,18 +5,56 @@ var port = allocatePorts(1)[0];
var path = "jstests/libs/";
MongoRunner.runMongod({port : port, keyFile : path + "key1"})
-db = new Mongo('localhost:' + port).getDB('test');
+var db = new Mongo('localhost:' + port).getDB('test');
-assert.eq(1, db.runCommand({whatsmyuri : 1}).ok);
-db.getSiblingDB('admin').addUser("admin", "password"); // active auth even though we're on localhost
+assert.eq(1, db.runCommand({dbStats : 1}).ok);
-assert.eq(0, db.runCommand({whatsmyuri : 1}).ok);
+db.getSiblingDB('admin').addUser("admin", "password"); // activate auth even though we're on localhost
-db.getSiblingDB('local').auth('__system', 'foopdedoop');
+assert.eq(0, db.runCommand({dbStats : 1}).ok);
-assert.eq(0, db.runCommand({whatsmyuri : 1}).ok);
-assert.eq(1, db.runCommand({whatsmyuri : 1, $auth : { test : { userName : NumberInt(1) } } } ).ok );
-assert.eq(0, db.runCommand({whatsmyuri : 1}).ok); // Make sure the credentials are temporary.
+assert( db.getSiblingDB('local').auth('__system', 'foopdedoop'), "Failed to authenticate as system user" );
+
+assert.eq(0, db.runCommand({dbStats : 1}).ok);
+assert.eq(1, db.runCommand({dbStats : 1, $auth : { test : { userName : NumberInt(1) } } } ).ok );
+assert.eq(0, db.runCommand({dbStats : 1}).ok); // Make sure the credentials are temporary.
assert.eq(0, db.runCommand({dropDatabase : 1, $auth : { test : { userName : NumberInt(1) } } } ).ok );
-assert.eq(1, db.runCommand({dropDatabase : 1, $auth : { test : { userName : NumberInt(2) } } } ).ok );
\ No newline at end of file
+assert.eq(1, db.runCommand({dropDatabase : 1, $auth : { test : { userName : NumberInt(2) } } } ).ok );
+
+
+db.addUser( "roUser", "password", true ); // Set up read-only user for later
+
+// Test that you can't affect privileges by sending $auth when not authenticated as __system.
+
+db = new Mongo(db.getMongo().host).getDB('test'); // Get new connection with no auth
+
+var runTests = function( db ) {
+ assert.eq(0, db.runCommand({dbStats : 1, $auth : { test : { userName : NumberInt(2) } } } ).ok );
+ assert.eq(0, db.runCommand({dropDatabase : 1, $auth : { test : { userName : NumberInt(2) } } } ).ok );
+ assert.eq(0, db.runCommand({dropDatabase : 1, $auth : { local : { __system : NumberInt(2) } } } ).ok );
+
+ db.auth( "roUser", "password" );
+
+ assert.eq(1, db.runCommand({dbStats : 1}).ok);
+ assert.eq(1, db.runCommand({dbStats : 1, $auth : { test : { userName : NumberInt(0) } } } ).ok );
+ assert.eq(0, db.runCommand({dropDatabase : 1, $auth : { test : { userName : NumberInt(2) } } } ).ok );
+ assert.eq(0, db.runCommand({dropDatabase : 1, $auth : { local : { __system : NumberInt(2) } } } ).ok );
+}
+
+runTests( db );
+
+// Test that you can't affect privileges by sending $auth to a sharded system.
+
+var rsOpts = { oplogSize: 10, verbose : 2, useHostname : false };
+var st = new ShardingTest({ keyFile : 'jstests/libs/key1', shards : 2, chunksize : 1, config : 3,
+ rs : rsOpts, other : { nopreallocj : 1, verbose : 2, useHostname : false }});
+
+db = st.s.getDB('test');
+
+db.addUser( 'roUser', 'password', true ); // Set up read-only user for later
+db.getSiblingDB('admin').addUser("admin", "password"); // activate auth even though we're on localhost
+
+runTests( db );
+
+st.stop();
\ No newline at end of file
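Review bot: The `db.auth( "roUser", "password" )` call inside `runTests` discards its result, although this same commit wraps the `__system` login in `assert(...)`. A failed login would only show up one line later as an unexplained `dbStats` mismatch, which is most likely in the sharded run, where the user is created through `st.s` (presumably mongos). I would write `assert( db.auth( "roUser", "password" ), "Failed to authenticate as roUser" );`. The negative cases also assert only `ok == 0`, so any command failure satisfies them; checking the returned error as well would show that `$auth` was refused on authorization grounds. A short comment on what the `NumberInt(0)`, `NumberInt(1)` and `NumberInt(2)` levels stand for would help too, because every expectation in `runTests` depends on them.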